1. Field of the Invention
This application is based upon and claims the benefit of priority from Japanese Patent Application No. 2008-111365, filed on Apr. 22, 2008, the disclosure of which is incorporated herein in its entirety by reference.
The present invention relates to a secret communication network and, more particularly, to a method and system for managing shared random numbers such as a cryptographic key to be used between nodes.
2. Description of the Related Art
The Internet is an economic and social infrastructure over which various kinds of data are exchanged, and protecting data flowing over the network from the risk of eavesdropping is therefore an important issue. A secret communication system, in which data for communication is encrypted, can be cited as one such preventive measure. There are two broad types of cryptographic methods: common key cryptography and public key cryptography.
The common key cryptography is a method using a common key for both encryption and decryption, as typified by AES (Advanced Encryption Standard). This method enables high-speed processing and therefore is used to encrypt data itself.
The public key cryptography, on the other hand, is a method using a one-way function, as typified by the RSA (Rivest, Shamir, Adleman) encryption algorithm. According to this method, encryption is performed by using a public key, and decryption is performed by using a private key. This method is used to distribute a cryptographic key for the common key cryptography because it is not suitable for high-speed processing.
In secret communication that ensures secrecy by encrypting data, it is important that the encrypted data cannot be broken even if it is intercepted by an eavesdropper. Therefore, the same cryptographic key should not be used consecutively to encrypt data. This is because, if the same cryptographic key is used consecutively for encryption, the possibility increases that the cryptographic key can be estimated from the growing amount of intercepted data.
Accordingly, it is required to update a cryptographic key shared between a sending side and a receiving side. When updating a key, it is absolutely necessary that the key to be updated should not be intercepted or broken. To this end, there are two broad types of methods: (1) a method by which a key is encrypted by means of public key encryption and then transmitted, and (2) a method by which a key is encrypted by using a master key, which is a common key preset for key update, and then transmitted (for example, see Japanese Patent Application Unexamined Publication Nos. 2002-344438 and 2002-300158). Security according to these methods depends on the fact that an enormous amount of calculation is required for cryptanalysis.
On the other hand, quantum key distribution (QKD) is a technology by which a cryptographic key is generated and shared between a sending side and a receiving side by the transmission of a single photon per bit, unlike ordinary optical communication (see Bennett, C. H., and Brassard, G., “QUANTUM CRYPTOGRAPHY: PUBLIC KEY DISTRIBUTION AND COIN TOSSING,” IEEE International Conference on Computers, Systems, and Signal Processing, Bangalore, India, Dec. 10-12, 1984, pp. 175-179, and Ribordy, G., Gautier, J.-D., Gisin, N., Guinnard, O., and Zbinden, H., “Automated ‘plug & play’ quantum key distribution,” Electronics Letters, 1998, Vol. 34, No. 22, pp. 2116-2117). This QKD technology ensures security based not on the amount of calculation as mentioned above but on quantum mechanics, and it has been proved that eavesdropping on the photon transmission part is impossible. Moreover, proposals have been made to realize not only one-to-one key generation and sharing but also key generation and sharing between one node and multiple nodes (hereinafter referred to as one-to-many key generation and sharing), or between multiple nodes and multiple nodes (hereinafter referred to as many-to-many key generation and sharing), by using an optical switching technique and a passive optical branching technique (see Townsend, P. D., “Quantum cryptography on multiuser optical fibre Networks,” Nature, Jan. 2, 1997, Vol. 385, pp. 47-49).
According to the QKD technology as described above, since original information for a cryptographic key is transmitted by being superimposed on individual single photons, it is possible to continue generating a cryptographic key as long as photon transmission is performed. For example, it is possible to generate several tens of kilobits of final key per second.
Furthermore, perfectly secure cipher communication can be provided by using a cryptographic key generated by the QKD technology for a one-time pad (OTP) cipher, which has been proved to be unbreakable. When cipher communication is performed by using an OTP cipher, as much cryptographic key is consumed as the quantity of data, and the key is always discarded once it is used. For example, when a 1-Mbit file is OTP-encrypted, transmitted, and received, a 1-Mbit cryptographic key is consumed.
As described above, in a quantum cryptographic system in which cryptographic keys are generated and consumed in large quantities, it is indispensable to manage the cryptographic keys stored in storage media. In the QKD technology in particular, it is important to manage cryptographic keys among multiple nodes, in order to realize the expansion to one-to-many or many-to-many key generation and sharing by using an optical switching technique and/or a passive optical branching technique as proposed in Townsend cited above.
However, conventional technologies place importance only on the generation of shared information such as a cryptographic key, and management of shared information that also takes its consumption into account has hardly been performed. As described above, the amount of stored cryptographic key at each node increases as key generation and sharing processes are performed, while the stored key is consumed and decreases in amount each time cipher communication is performed. In addition, key generation rates are generally not uniform among nodes because the key generation rate, at which a cryptographic key is generated through the key generation and sharing processes, also depends on the distance between nodes and the quality of communication. Therefore, the amount of stored key at each node increases and decreases from moment to moment. As the number of nodes increases, the management of cryptographic keys becomes more complicated.
Moreover, in a network having a center-remote structure like a one-to-many connection network, a cryptographic key is generated and shared between a center node and each remote node. Accordingly, since no cryptographic key is shared between remote nodes, cipher communication cannot be performed between remote nodes. Similarly, in a many-to-many connection network, although cipher communication can be performed between those nodes which perform key generation and sharing processes with each other, these nodes cannot perform cipher communication with other nodes because they do not share a cryptographic key with the other nodes.
When OTP cipher communication is performed in particular, a key once used for encryption cannot be used for decryption, unlike a case where a key with a fixed length is reused. Therefore, it is necessary to separately manage keys for encryption and keys for decryption. This necessity causes a new problem that the management is doubly complicated.
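The OTP key consumption and the separate encryption/decryption key management described above can be sketched as follows. This is an added example, not part of the original application; the class `OTPKeyStore`, the helper `share_key`, its half-and-half split rule, and the use of `secrets.token_bytes` as a stand-in for QKD-generated key are all assumptions made for illustration.

```python
import secrets

class KeyExhausted(Exception):
    """The pool holds less key than the message needs."""

class OTPKeyStore:
    """One node's store of key shared with a single peer (hypothetical class)."""
    def __init__(self):
        self.enc = bytearray()  # key for data this node sends
        self.dec = bytearray()  # key for data this node receives

    @staticmethod
    def _consume(pool: bytearray, n: int) -> bytes:
        # Check before touching the pool so a refused request consumes nothing.
        if len(pool) < n:
            raise KeyExhausted(f"need {n} bytes, have {len(pool)}")
        pad = bytes(pool[:n])
        del pool[:n]  # OTP key is discarded once it has been used
        return pad

    def encrypt(self, plaintext: bytes) -> bytes:
        pad = self._consume(self.enc, len(plaintext))
        return bytes(p ^ k for p, k in zip(plaintext, pad))

    def decrypt(self, ciphertext: bytes) -> bytes:
        pad = self._consume(self.dec, len(ciphertext))
        return bytes(c ^ k for c, k in zip(ciphertext, pad))

def share_key(a: OTPKeyStore, b: OTPKeyStore, material: bytes) -> None:
    """Assumed split rule: first half keys a->b traffic, second half b->a."""
    half = len(material) // 2
    a.enc += material[:half]
    b.dec += material[:half]
    b.enc += material[half:2 * half]
    a.dec += material[half:2 * half]

def demo():
    center, remote = OTPKeyStore(), OTPKeyStore()
    # Stand-in for a key generated by QKD between the two nodes.
    share_key(center, remote, secrets.token_bytes(64))
    msg = b"constructed sample message"  # constructed input, 26 bytes
    recovered = remote.decrypt(center.encrypt(msg))
    return recovered, len(center.enc), len(center.dec)

if __name__ == "__main__":
    print(demo())
```

Each direction draws from its own pool, so sending data shrinks only the sender's encryption pool and the receiver's decryption pool, and a message longer than the remaining key is refused rather than encrypted with reused key.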
In addition, when a remote node joins or leaves a network in operation, key management in the entire network is affected, also causing a problem that the management is even more complicated.